[ OK ] Started Regular background program processing daemon.
Starting getty on tty2-tty6 if dbus and logind are not available...
Starting System Logging Service...
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
[ OK ] Started Permit User Sessions.
[ OK ] Started System Logging Service.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.153' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 76.635562][ T34] audit: type=1400 audit(1607037971.084:8): avc: denied { execmem } for pid=8478 comm="syz-executor922" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 76.666753][ T8479] REISERFS (device loop0): found reiserfs format "3.5" with standard journal
[ 76.678594][ T8479] REISERFS (device loop0): using ordered data mode
[ 76.686256][ T8479] reiserfs: using flush barriers
[ 76.693961][ T8479] REISERFS (device loop0): journal params: device loop0, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
[ 76.714577][ T8479] REISERFS (device loop0): checking transaction log (loop0)
[ 77.771811][ T8479] ==================================================================
[ 77.780262][ T8479] BUG: KASAN: use-after-free in reiserfs_read_locked_inode+0x1f2d/0x2230
[ 77.788882][ T8479] Read of size 4 at addr ffff88803c92c000 by task syz-executor922/8479
[ 77.797325][ T8479]
[ 77.799654][ T8479] CPU: 0 PID: 8479 Comm: syz-executor922 Not tainted 5.10.0-rc6-syzkaller #0
[ 77.808438][ T8479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.818499][ T8479] Call Trace:
[ 77.821794][ T8479] dump_stack+0x107/0x163
[ 77.826115][ T8479] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 77.832179][ T8479] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 77.838247][ T8479] print_address_description.constprop.0.cold+0xae/0x497
[ 77.845261][ T8479] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 77.850627][ T8479] ? vprintk_func+0x95/0x1e0
[ 77.855229][ T8479] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 77.861293][ T8479] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 77.867341][ T8479] kasan_report.cold+0x1f/0x37
[ 77.872274][ T8479] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 77.878335][ T8479] reiserfs_read_locked_inode+0x1f2d/0x2230
[ 77.884222][ T8479] ? reiserfs_write_lock+0x75/0xf0
[ 77.889338][ T8479] ? sd_attrs_to_i_attrs+0x260/0x260
[ 77.894636][ T8479] ? mutex_lock_io_nested+0xf30/0xf60
[ 77.900007][ T8479] ? find_inode+0xc1/0x220
[ 77.904415][ T8479] ? reiserfs_init_locked_inode+0x120/0x120
[ 77.910302][ T8479] reiserfs_fill_super+0x18eb/0x2e00
[ 77.915578][ T8479] ? reiserfs_remount+0x1580/0x1580
[ 77.920758][ T8479] ? lock_downgrade+0x6d0/0x6d0
[ 77.925595][ T8479] ? snprintf+0xbb/0xf0
[ 77.929729][ T8479] ? vsprintf+0x30/0x30
[ 77.933872][ T8479] ? wait_for_completion+0x260/0x260
[ 77.939138][ T8479] ? set_blocksize+0x1c1/0x400
[ 77.943891][ T8479] mount_bdev+0x32e/0x3f0
[ 77.948203][ T8479] ? reiserfs_remount+0x1580/0x1580
[ 77.953382][ T8479] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 77.958392][ T8479] legacy_get_tree+0x105/0x220
[ 77.963142][ T8479] vfs_get_tree+0x89/0x2f0
[ 77.967553][ T8479] path_mount+0x13ad/0x20c0
[ 77.972053][ T8479] ? strncpy_from_user+0x2a0/0x3e0
[ 77.977173][ T8479] ? finish_automount+0xac0/0xac0
[ 77.982205][ T8479] ? getname_flags.part.0+0x1dd/0x4f0
[ 77.987567][ T8479] __x64_sys_mount+0x27f/0x300
[ 77.992314][ T8479] ? copy_mnt_ns+0xa60/0xa60
[ 77.996898][ T8479] ? syscall_enter_from_user_mode+0x1d/0x50
[ 78.002801][ T8479] do_syscall_64+0x2d/0x70
[ 78.007208][ T8479] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 78.013111][ T8479] RIP: 0033:0x447d7a
[ 78.016992][ T8479] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d a3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a a3 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 78.037013][ T8479] RSP: 002b:00007fffd20f71b8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 78.045443][ T8479] RAX: ffffffffffffffda RBX: 00007fffd20f7210 RCX: 0000000000447d7a
[ 78.053502][ T8479] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fffd20f71d0
[ 78.061498][ T8479] RBP: 00007fffd20f71d0 R08: 00007fffd20f7210 R09: 0000000000000000
[ 78.069452][ T8479] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000006
[ 78.077582][ T8479] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 78.085545][ T8479]
[ 78.088123][ T8479] The buggy address belongs to the page:
[ 78.093746][ T8479] page:00000000fbed4525 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x3c92c
[ 78.103880][ T8479] flags: 0xfff00000000000()
[ 78.108378][ T8479] raw: 00fff00000000000 ffffea0000f24b48 ffff8880b9e38248 0000000000000000
[ 78.116950][ T8479] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 78.125509][ T8479] page dumped because: kasan: bad access detected
[ 78.131911][ T8479]
[ 78.134240][ T8479] Memory state around the buggy address:
[ 78.139861][ T8479] ffff88803c92bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 78.147903][ T8479] ffff88803c92bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 78.156140][ T8479] >ffff88803c92c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 78.164177][ T8479] ^
[ 78.168223][ T8479] ffff88803c92c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 78.176264][ T8479] ffff88803c92c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 78.184311][ T8479] ==================================================================
[ 78.192539][ T8479] Disabling lock debugging due to kernel taint
[ 78.199320][ T8479] Kernel panic - not syncing: panic_on_warn set ...
[ 78.205921][ T8479] CPU: 0 PID: 8479 Comm: syz-executor922 Tainted: G B 5.10.0-rc6-syzkaller #0
[ 78.216071][ T8479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.226145][ T8479] Call Trace:
[ 78.229427][ T8479] dump_stack+0x107/0x163
[ 78.233749][ T8479] ? reiserfs_read_locked_inode+0x1e70/0x2230
[ 78.239786][ T8479] panic+0x306/0x73d
[ 78.243654][ T8479] ? __warn_printk+0xf3/0xf3
[ 78.248222][ T8479] ? preempt_schedule_common+0x59/0xc0
[ 78.253665][ T8479] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 78.259718][ T8479] ? preempt_schedule_thunk+0x16/0x18
[ 78.265067][ T8479] ? trace_hardirqs_on+0x51/0x1c0
[ 78.270166][ T8479] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 78.276219][ T8479] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 78.282459][ T8479] end_report+0x58/0x5e
[ 78.286591][ T8479] kasan_report.cold+0xd/0x37
[ 78.291256][ T8479] ? reiserfs_read_locked_inode+0x1f2d/0x2230
[ 78.297298][ T8479] reiserfs_read_locked_inode+0x1f2d/0x2230
[ 78.303166][ T8479] ? reiserfs_write_lock+0x75/0xf0
[ 78.308270][ T8479] ? sd_attrs_to_i_attrs+0x260/0x260
[ 78.313537][ T8479] ? mutex_lock_io_nested+0xf30/0xf60
[ 78.318989][ T8479] ? find_inode+0xc1/0x220
[ 78.323391][ T8479] ? reiserfs_init_locked_inode+0x120/0x120
[ 78.329271][ T8479] reiserfs_fill_super+0x18eb/0x2e00
[ 78.334557][ T8479] ? reiserfs_remount+0x1580/0x1580
[ 78.339727][ T8479] ? lock_downgrade+0x6d0/0x6d0
[ 78.344565][ T8479] ? snprintf+0xbb/0xf0
[ 78.348709][ T8479] ? vsprintf+0x30/0x30
[ 78.352860][ T8479] ? wait_for_completion+0x260/0x260
[ 78.358223][ T8479] ? set_blocksize+0x1c1/0x400
[ 78.362963][ T8479] mount_bdev+0x32e/0x3f0
[ 78.367267][ T8479] ? reiserfs_remount+0x1580/0x1580
[ 78.372440][ T8479] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 78.377438][ T8479] legacy_get_tree+0x105/0x220
[ 78.382204][ T8479] vfs_get_tree+0x89/0x2f0
[ 78.386607][ T8479] path_mount+0x13ad/0x20c0
[ 78.391106][ T8479] ? strncpy_from_user+0x2a0/0x3e0
[ 78.396257][ T8479] ? finish_automount+0xac0/0xac0
[ 78.401271][ T8479] ? getname_flags.part.0+0x1dd/0x4f0
[ 78.406637][ T8479] __x64_sys_mount+0x27f/0x300
[ 78.411382][ T8479] ? copy_mnt_ns+0xa60/0xa60
[ 78.415953][ T8479] ? syscall_enter_from_user_mode+0x1d/0x50
[ 78.421824][ T8479] do_syscall_64+0x2d/0x70
[ 78.426240][ T8479] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 78.432112][ T8479] RIP: 0033:0x447d7a
[ 78.435992][ T8479] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d a3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a a3 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 78.455868][ T8479] RSP: 002b:00007fffd20f71b8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 78.464437][ T8479] RAX: ffffffffffffffda RBX: 00007fffd20f7210 RCX: 0000000000447d7a
[ 78.472384][ T8479] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fffd20f71d0
[ 78.480333][ T8479] RBP: 00007fffd20f71d0 R08: 00007fffd20f7210 R09: 0000000000000000
[ 78.488292][ T8479] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000006
[ 78.496242][ T8479] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 78.505060][ T8479] Kernel Offset: disabled
[ 78.509383][ T8479] Rebooting in 86400 seconds..